Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSSD for Linux Authentication with Active Directory

Published byΑελλα Παπάγος Modified over 6 years ago

Similar presentations

Presentation on theme: "SSSD for Linux Authentication with Active Directory"— Presentation transcript:

1 SSSD for Linux Authentication with Active Directory
Frank Penrose, Casey Coughlen – Engineering IT Erik Coleman, Devin Gengelbach – Technology Services

2 Linux Authentication with AD
Brief History Recent developments and plans Best practices Sample configs Open discussion on what is needed next

3 Brief History of Linux Auth w/AD

4 Brief History of Linux Auth w/AD

5 Homage to Our Linux Friends…
David Anderson Andrew Hurt

6 Active Directory – Linux Support
What we’ve done so far POSIX (RFC 2307) Attribute Schema uidNumber generation for netids gidGroups for users

7 Active Directory – Linux Support
What we’ve got left to do  Pre-populate homeDirectory: /home/netid  Pre-populate loginShell: /bin/bash

8 Best Practices Populate your created user and group objects with uidNumber and gidNumber less than Restrict your search bases for users and groups to only the campus OUs and OUs that are COMPLETELY within your control Put the group name for your own created groups into extensionAttribute12 If you use Kerberos for authentication, you should join your Linux computers to the Active Directory domain (Ask me why Engineering does NOT) Set a minimum allowed uidNumber and gidNumber above 500 Use allowed groups and restricted groups in conjunction with access.conf and TEST TEST TEST Monitor SSSD configurations over a few days before making production to ensure that caching is not running amok in the background

9 Sample Configurations
Illinois Wiki Space – Book of Engineering Linux-> SSSD Config review and Demo Time

10 Active Directory – Linux Support
Other Issues NIS Groups UID numbers under Uniqueness of uidNumber / gidNumber Bear in mind IAMU role in this—providing authN/authZ infrastructure. We aren't going to be forcing ways to do things. That said, we have to caution the use of OUs as security boundaries

11 Give us your Feedback! What are we missing? What do you want to see?
What about NIS Groups Global uidNumber  plan (< 100,000)

Download ppt "SSSD for Linux Authentication with Active Directory"

Similar presentations

UAG Authentication and Authorization- part1

UAG Authentication and Authorization- part1
© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source,

© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source,
Remote Name Mapping for Linux NFSv4 Andy Adamson Center For Information Technology Integration University of Michigan August 2005.

Remote Name Mapping for Linux NFSv4 Andy Adamson Center For Information Technology Integration University of Michigan August 2005.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Windows Monitoring Yancy Ribbens

Windows Monitoring Yancy Ribbens
Introduction to Active Directory

Introduction to Active Directory
Remote Name Mapping Linux NFSv4 Andy Adamson Center For Information Technology Integration University of Michigan.

Remote Name Mapping Linux NFSv4 Andy Adamson Center For Information Technology Integration University of Michigan.
CIT 470: Advanced Network and System Administration

CIT 470: Advanced Network and System Administration
Vikram Thakur Introduction to Active Directory Structure.

Vikram Thakur Introduction to Active Directory Structure.
Guide to MCSE 70-290, Enhanced 1 Activity 4-1: Creating and Adding Members to Global Groups Objective: Use Active Directory Users and Computers to create.

Guide to MCSE , Enhanced 1 Activity 4-1: Creating and Adding Members to Global Groups Objective: Use Active Directory Users and Computers to create.
Module 1: Installing Active Directory Domain Services

Module 1: Installing Active Directory Domain Services
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.

Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.
Configuring CIFS Upon completion of this module, you should be able to: Configure the Data Mover for a Windows environment Create and Join a CIFS Server.

Configuring CIFS Upon completion of this module, you should be able to: Configure the Data Mover for a Windows environment Create and Join a CIFS Server.
Understand Active Directory Infrastructure

Understand Active Directory Infrastructure
Building a KDC. Kerberos Implementations RedHat 5 comes with MIT Kerberos 1.6 Ubuntu 10.04 LTS comes with MIT Kerberos 1.8.1 Admin through CLI, but from.

Building a KDC. Kerberos Implementations RedHat 5 comes with MIT Kerberos 1.6 Ubuntu LTS comes with MIT Kerberos Admin through CLI, but from.
Designing Active Directory for Security

Designing Active Directory for Security
Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.

Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.
Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries.

Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring, Managing, and Troubleshooting Resource Access.

Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring, Managing, and Troubleshooting Resource Access.

Similar presentations

Ads by Google